Saturday, January 30, 2010

Antivirus Soft is a fake anti-virus program that is usually distributed through fake online anti-malware scanners and various other bogus websites. It is actually a Trojan, but it presents itself as anti-virus software and pretends to be a legitimate product. Antivirus Soft is scareware (badware) from the same family as Antivirus Live. Once installed, it simulates a system scan and lists false threats or infections to make you think that your computer is seriously compromised. The scan results are entirely false, so don't worry. The only real infection is Antivirus Soft itself. It will constantly ask you to purchase the program in order to remove the infections and protect yourself.

This virus doesn't delete any files; your data should be safe. The main goal of this bogus software is to trick you into purchasing it, so please don't do that. If you already did, contact your credit card company immediately and dispute the charges. Then remove Antivirus Soft from your computer as soon as possible, and don't make any online payments while you're infected. Read the removal guide below.

Antivirus Soft Demo virus is a very annoying scam. It displays fake security alerts and error messages every one or two minutes, stating that a particular program or web page is infected. The fake message reads:

"Application cannot be executed. The file [program].exe is infected.
Do you want to activate your antivirus software now."

The biggest problem is that Antivirus Soft won't let you download or install legitimate anti-malware software. You can try to remove it manually, but I think it will block Task Manager and other useful Windows tools to stop you. Instead, try to restore your system to a previous day when your PC wasn't infected, or read the removal guide below.

Antivirus Soft removal instructions (in Safe Mode with Networking):

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm

NOTE: Log in as the same user you were previously logged in with in the normal Windows mode.
If you can't reboot your PC in Safe Mode with Networking, download SafeBootKeyRepair and run it. Follow the prompts. Then reboot your PC in Safe Mode with Networking. (Before saving SafeBootKeyRepair.exe onto your computer, please rename it to winlogon.com or iexplore.com)

2. Download iexplore.exe (NOTE: the iexplore.exe file is a renamed copy of the HijackThis tool from TrendMicro).
Launch iexplore.exe and click the "Do a system scan only" button.
If you can't open the iexplore.exe file, then download explorer.scr and run it.

By default, the "Appdata" folder is hidden. To unhide this folder (and others), open Folder Options in the Vista Control Panel and, on the “View” tab, change the option to “show hidden files and folders”, then click OK.

327 comments:

Thank you so much for posting this fix. I was infected 01/29/10. Minimal information on line about this new threat. Problem resolved once I found your post on 01/30/10. SpyBot worked successfully. Thanks again.

Another round of thanks for this timely post. It proved to be extremely valuable in returning my Windows XP system back to a "normal" state. My system became infected on 01/30/10. Would love to know where in the world I picked up this nasty virus so I could inform friends and family about what and where to avoid. Many Thanks!!!

This was a lifesaver. Just as the last poster said, I was infected with this yesterday and couldn't find much about how to fix it until I found this. You saved me from having to take my computer somewhere and have someone else fix it for probably way too much money... so I'm very grateful!

I have a Dell Inspiron 6400, and I can't find a way to rename the files before I save them. It just says something along the lines of "(blank) can be downloaded. Would you like to save this file?" and it won't let me rename it until it is already saved in my dock..any help?

Mikayla, then just rename it as it's already saved. Maybe that will be OK in your case. Or if you have another computer, then you can transfer the renamed file to the infected PC using a USB flash drive or any other external media.

Reboot in "Safe Mode with Networking" as shown in the image above. You have probably rebooted it in "Safe Mode" only. And by the way, you can use another browser if you have one, for example Firefox, Chrome or Opera.

I've booted it up in safe mode and in safe mode with networking and it gives me the same screen for both. It asks me if I want to restore my system to an earlier time or proceed in safe mode with the safe mode with networking or regular safe mode.

Restoring the system took care of the problem, thank goodness! Thanks for your help and quick responses! Nothing is worse than not knowing how to fix your computer when you have lots of research and lab reports.

"I'm infected and I printed out the removal instructions our problem is we already have the malware downloaded and the antivirus soft will not let us open it what should we do..."

If you can't run MalwareBytes then download Spybot S&D. NOTE: you have to rename spybotsd162.exe to either iexplore.exe or winlogon.exe before saving it on your PC. And you are in safe mode with networking, right?

This is from MySpace as it's the only site I went to, to check out my kids MySpace page.. I am unable to reboot in safe mode w/ networking so I put it into full safe mode to even be able to run any scan. Hoping to remove this pest before my husband wakes up and realises I've infected his quad.. figures, couldn't be my piece of crap old Dell, had to be his new baby.. I sure am hoping this works... stay away from MySpace as this is a nasty one

i've tried to remove it using malwarebytes but is not working for me..... i ran the program and does not identify "antivirus soft", it was able to identify other malware that i had but not the one i want to remove, i ran it on safe mode and on normal mode but still not working, what should i do?? should i download spybot? please reply

My girlfriend got the AntiVirus Soft at school today after being on myspace/facebook. I had been working on it for hours until finding this site. I ran SpyBot while in safe mode with networking, but it didn't find anything. But doing a System Restore seems to have done the trick *fingers crossed*. Thanks for the help!

hey, first of all thanks for your description but I can't solve the problem because I'm not getting in the safe mode. Every time I try to start in safe mode the pc automatically powers down. Any solutions for that?

Danng, this was really so helpful for that annoying false antivirus software. Just happened about an hour ago and seen this site and it really helped out! If this site let you rate this, I'll give it all stars!

I got it yesterday by visiting myspace. I've run Ad-Aware, CCleaner and Malwarebytes with no luck. This is the first time I've heard of spybot so I guess I'll have to try that one when I get back home. I'll also try downloading in safe mode cause right now I'm just unchecking proxy setting and getting to the download site very quickly before antivirus soft takes over. Usually takes several tries.

This is the second time I've gotten this same virus from myspace! First time I stayed up all night screwing with internet settings in order to reconnect to internet explorer. I have totally forgotten what I did that night so guess I'll just try the spybot.

Hello, this site was very helpful for me, but I found something very interesting besides, because all tools didn't work for me on XP---> look out for a file called "iawbsftav.exe" inside your system:Local%20Settings\Application%20Data\nnayfv\iawbsftav.exe/alert.htm

Thank you. Removal instructions updated! It seems like the rogue program can disable Safe Mode with Networking. That's probably because it removes "SafeBoot" registry keys from Windows registry. In order to fix this problem you have to download SafeBootKeyRepair tool from

http://download.bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe

NOTE: before saving the selected program onto your computer, please rename SafeBootKeyRepair.exe to winlogon.exe or iexplore.exe.

Run this tool first and then reboot your PC in Safe Mode with Networking. Good luck!

I ran spybot in safe mode and it found the malware and removed it. When I rebooted in normal mode and ran spybot it did not find it but the malware is still on computer as it keeps popping up. Any suggestions what to do next.

I'm using XP and do not have a restore point unless it is saved somewhere automatically. I have also tried to use Hijack this, to no avail. Any suggestions at this point would be great; my computer has been down for three days now.

I followed the instructions exactly, ran malware in safe mode too, I removed it, but when I'm starting again in normal mode the virus is still alive, I'm using XP.. I tried the removing also with spybot, avg and SUPERantispyware, but every time the same problem... does anyone know what to do?

Probably it's a new version of this virus. I don't have a sample and can't test it. I guess we just have to wait until anti-malware software manufacturers add the new malicious files to their databases. And remember, you MUST update anti-malware before scanning your computer.

For anyone trying to remove this, it might help if you ctrl alt del and go to your processes. From there, sort them by memory with the highest at the top. Google search each one until you come across one that has no google return (for me it was "dhogsftav"), then end that process. This will help your spyware discover the virus!

There is a way to open programs. When you log on, hit ctrl+alt+delete and the task manager will open before Antivirus Soft does, and you can close the program. In the processes section, look for hpisstfav.exe or something close to that (I don't remember exactly, but the 'hpiss' is accurate) and end the process. Then you can open and work freely without the numerous interruptions it causes.


Got something called hpqwim.exe or something, removed it 2 times before the loadscreen is done and it still pops up

Yesterday, I got infected with xp guardian and used malwarebytes to get rid of it, and it worked. This time, I got infected with antivirus soft, and tried the instructions here (safe mode with networking), and ran a quick scan. However, malwarebytes only indicated one infected file, and when I restarted my computer, the antivirus soft was still here with all of its annoying popups. What can I do?? It won't let me run command, open notebook, etc...

I got infected today and what I did was I logged in safe mode with networking and restored my system to a date one week before. It's not gonna delete any files but just changes in the registry and downloads so it would remove programs such as Antivirus Soft etc. I didn't need to download any other programs to remove the spyware/malware so I think this is a safer route.

My work laptop got infected today and when I try to start the computer in safe mode with networking it is just frozen at my log in screen. I've tried all the suggestions I've found here and I'm still stuck with this virus. Does anyone have any suggestions!!????

Oh my god!!!! This helped me get rid of that stupid fake antivirus software!!! After almost 3 hours of screaming at the computer, out of frustration, i finally got rid of it! Thank you for this who ever you are that posted!

"What can I do to prevent this from happening again? I got this virus from myspace and previously another similar one."

First of all you must have anti-spyware or anti-virus software with real time protection. A free anti-malware scanner such as MalwareBytes is not enough. If you don't have one then most likely your PC will be infected again. I recommend software that has good 0Day Malware blocking and detection rates. That would be:

Spybot is not exposing any issues. I renamed spyname.exe to iexplorer.exe (no *162.exe in my spybot folder) to see if that'll work. I was able to install MalwareBytes and it found quite a few problems when I said "fix" it said "pay money." Is that what everyone else is doing? I'm a little suspect when money is requested....?

I was attempting the normal login removal instructions and ran the hijack this and killed the two entries i had that matched. Now my malwarebytes freezes when I attempt to do a full system scan (though the program will launch).

Thanks for this really helpful forum! Even when updated and in safe mode spybot didn't detect the problem but malware bytes did and it removed it. I would also suggest that people run a search for "sftav.exe" in their hijack this logs, click on the correct entry, and then fix the checked entry.

What happens if you get the Antivirus soft virus and you already have an anti-virus program on your computer? I just got the virus last night while on myspace but I already have norton 360. Anyway, I just did a system restore to 3 days back then did a complete scan and that seemed to work. Oh, is myspace or facebook doing anything about this virus?

i followed these steps on rebooting my computer and tried going through safe mode but then my computer just shut down. I then downloaded the safebootkey repair but i cannot open it because of the antivirus soft won't let me open many programs or do much at all, it tells me everything is infected and doesn't let me open things. so now what?

Here's what I did since I couldn't get into safe mode...Restart your computer, and as soon as windows starts, begin to hit the start button, then "run." If you do it quick enough you can open "run" before the antivirus soft starts up. Type "msconfig". Then go to the startup tab and disable all services. Restart the computer. Of course, the virus is still there, but you can now get online to download one of the antivirus programs to fully remove it. Good luck. Sean

I "Restored System" (Start>All Programs>Accessories>System Restore) to a previous date in "Safe Mode With Networking" and it worked like a charm. I didn't lose anything important ("anything important"=music), a couple of documents, and other stuff I had before the Malware. But I'm guessing that the results I got with my files aren't typical for everyone. I got this Malware today after I restarted my computer when I logged onto Myspace earlier so that may be the cause as other posters have stated. My sister logged on Myspace after I removed it so I'll see tomorrow if I get it again when I get in again (using my iPhone by the way).

The easiest way is the System Restore for all my lazy people out there haha.

I'm having some trouble opening up the scanners you recommend. It seems to be that any spyware programs I've had in the past won't open, and any new programs will work once. Any ideas why this might be so and how to stop it so I can remove this problem?

This thing BITES. I can run in safe mode, and I've done scans with updated Malwarebytes and with Spybot S&D. They find a few things and fix them, but it's still there if I restart in normal mode. Each scan takes almost two hours, and I still can't use my machine properly. I haven't been THIS hosed since MSBlast was brand new. I don't want to use System Restore.

I hope someone comes up with a stinger for just this, because as far as I can tell, it really went widespread in the last few days.

I've tried both Malwarebytes (didn't detect) and SpyBot (won't even run, even in Safe mode). Also, I can't get to the internet in Safe Mode with Networking. I tried the safebootkeyrepair file, but when I try to run it, it says it's only supported by XP and 2000 (I have Vista). Also, the system restore tip won't work. Does anyone have any other suggestions? Thanks in advance.

In these folders you will find either a [random]sftav.exe or a [random]sysguard.exe file. Rename that file to something like aaabbb.exe and restart your PC. There is a chance that Antivirus Soft won't load up.

In Windows Vista and 7 go to this folder and do the same:

C:\Users\[Username]\AppData\Local\[random]\

NOTE: By default these folders are hidden. To unhide these folders (and others), open the Folder Options in the Control Panel, and on the “View” tab, change the option to “show hidden files and folders”, and click OK.
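
The file-name pattern described in the comment above ([random]sftav.exe or [random]sysguard.exe in a randomly named folder under the per-user application data directory), together with the suggestion elsewhere in these comments to search HijackThis logs for "sftav.exe", can be checked with a short script. This is an added example, not code from the post or its commenters; the function names, the sample profile tree and the sample log lines are constructed for illustration.

```python
"""Sweep a user profile and a HijackThis log for the file names this page reports."""
import re
import tempfile
from pathlib import Path

# Name pattern given on the page: [random]sftav.exe or [random]sysguard.exe.
ROGUE_NAME = re.compile(r"^.+(sftav|sysguard)\.exe$", re.IGNORECASE)

# Per-user application data folders named on the page, relative to the profile.
APPDATA_ROOTS = (
    Path("Local Settings") / "Application Data",  # Windows XP
    Path("AppData") / "Local",                    # Windows Vista / 7
)

# Constructed HijackThis-style lines; the Run value names and the first path
# are made up, the second path reuses a folder/file name quoted in the comments.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\Run: [nnayfv] "C:\Documents and Settings\User\Local Settings\Application Data\nnayfv\iawbsftav.exe"
"""


def find_rogue_executables(profile_dir):
    """Return files matching <app-data root>/<any folder>/<random>sftav|sysguard.exe."""
    hits = []
    for rel in APPDATA_ROOTS:
        root = Path(profile_dir) / rel
        if not root.is_dir():
            continue  # this profile uses the other Windows layout
        for folder in sorted(p for p in root.iterdir() if p.is_dir()):
            try:
                entries = sorted(folder.iterdir())
            except OSError:
                continue  # unreadable folder: skip it rather than abort the sweep
            hits.extend(f for f in entries if f.is_file() and ROGUE_NAME.match(f.name))
    return hits


def flag_hijackthis_lines(log_text):
    """Return log lines that reference an executable whose name matches the pattern."""
    flagged = []
    for line in log_text.splitlines():
        # Take the file-name part of every *.exe path on the line and test it.
        names = re.findall(r'([^\\/"\s]+\.exe)', line, re.IGNORECASE)
        if any(ROGUE_NAME.match(name) for name in names):
            flagged.append(line.strip())
    return flagged


def build_sample_profile(base):
    """Create a constructed XP-style profile tree (empty placeholder files) for the demo."""
    appdata = Path(base) / "Local Settings" / "Application Data"
    for rel in ("nnayfv/iawbsftav.exe", "yqachx/blsjsftav.exe", "Example/updater.exe"):
        target = appdata / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()
    (appdata / "mqeueo").mkdir()  # an empty random-named folder, as one commenter found
    return Path(base)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_rogue_executables(build_sample_profile(tmp)):
            print("candidate file:", hit)
    for entry in flag_hijackthis_lines(SAMPLE_LOG):
        print("candidate autorun:", entry)
```

Point `find_rogue_executables` at each user profile directory on the machine (or on a mounted copy of its disk); a hit is a candidate for the rename-and-reboot step described above, not proof of infection.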

I did as Admin suggested above and deleted the file in said folders. I restarted and Antivirus Soft did not load up. Does this completely fix the problem? Or does it just stop the pop-ups? Right now this is the only solution that works for me. I've tried all the others. Malwarebytes and Superantivirus won't get rid of it.

I did a system restore to get rid of the virus but I still want to download Malwarebytes, just to make sure, but I already have norton 360. Will the two conflict with each other? Because norton detected no virus after the restore (w/ a full system scan).

Hi there! Your help came in REALLY handy when this stupid AV soft crap took over my PC. Questions though: 1) Clearly the lines of code changed, the names were different, which creeps me out that there are other strings of code that are still there in my pc. But at least the cheesy ads and the endless warnings have stopped. 2) In Hijack This, I clicked on the "analyze this" button. I know you didn't say to, but Hijack this instructions on their menu said to analyze before deleting. Where did the log file get uploaded to? Who got all that info? Thank you!

1) Just scan your PC with MalwareBytes or SUPERAntispyware to make sure that your computer is clean now.

2) No one got your log file. The "analyze this" button redirects to the Trend Micro website with further instructions where you can upload your scan log. It doesn't upload the log file automatically. Don't worry!

Also I am very curious how I acquired this AV soft virus. I am usually very careful. Someone said they got it on myspace. How does that happen? I was just on myspace the night before updating my blogs.

Thank you very much!!! I was infected and all i can do was use the internet and restart my computer. This computer doesn't belong to me. So you really saved me. One thing i like to know is where did this virus come from?

Hi there, I'm having the same issue like everyone else is having. And I tried Malwarebytes and it found 6 items in my computer, but when I reboot it nothing happened. The virus is still there.. did I do something wrong? Cause I got spybot and I downloaded HiJackThis and when I did scan only, so much stuff pulled up. I don't want to delete anything that I'm unsure about so like when using HiJackThis, what are you supposed to delete from it and stuff. I'm so new to this and I don't want to make matters worse. Some help please cause this is annoying having this thing on my computer =/

Windows XP Media: I turned on pc in normal mode, hit ctrl alt delete to pull up the Task Mgr before the alerts started and watched the processes. I looked to see what was changing at the point the alerts came on. Didn't catch it exactly but noticed this one: tivmsftav.exe looked it up on Google, couldn't find info on it, so I ended the process. Within a few seconds all the fake alerts disappeared. Then I did a Search for tivmsftav.exe and deleted it. It was in c:\WINDOWS\Prefetch and in App Data under ggryoc\tivmsftav.exe in the Doc & Settings.

I'm not a techie, but so far this is working for me. I deleted a bunch of other stuff in App Data that I looked up on Google to discover if malware related or not. There may be more crap in my pc, but I'm rid of the alerts at least and everything seems to be running ok, even after restarting in normal mode.

Thanks to everyone here trying to help each other. Without your hints and clues I never would have found a solution. I hope this helps somebody. Or if I really screwed up, somebody please say it so nobody else follows in my ignorant footschteps, footschteps, footschteps!

I couldn't restart in safe mode with networking, downloaded HijackThis but it wouldn't open, and I couldn't find any direct matching file names as listed above.

I restarted again (for about the 5th time today), to try the ctl+alt+delete trick and end the process, but this last time I started up I got no pop-ups or anything.

However, now that I look in my application data I find a folder titled "yqachx", and within that folder there is an .exe program titled "blsjsftav". The properties shows that this folder was created today at 10:58 am, right about the time I started having problems (I was on photobucket around this time). Do I just delete this file/program or what do I do from this point?

Also, there is also a folder titled "mqeueo" but it is empty. Should I delete this too?

I've had a lot of problems with malware recently. A couple weeks ago I got "Internet Security 2010" and had to take it to a shop to get cleaned/fixed for $60 bucks. Then a few days ago I got XP Guardian and (thankfully) fixed it with the help of this site. And now this stupid Antivirus Soft..

Thanks for the timely instructions. I had already tried using a scan with malwarebytes to no avail. After booting in normal mode, I was not able to use system restore. So I rebooted in safe mode logging in with the same identity and the restore was successful. Excellent advice. I use Avast antivirus, but it did not block "Antivirus Soft" from self installing on my system. Does anyone have advice of a better "real" antivirus program to use?

Nothing is working. I am so frustrated and I have no idea what to do. I cannot start my computer in safe mode. Even renaming the file to be able to do it, it still won't let me run it. Same with HijackThis. I renamed the file. Nothing. Won't let me open it. I don't know how to find it in my program files. I want to scream.

This is not a removal solution but a short term solution to disable this virus, maybe... if the virus program is running...go to the windows task management screen (look under applications) and you will see the program by its name listed (antivsoft). If you right click it, the menu that pops up will give you several options. I think it is the last one that says "go to the process". Click that and it takes you to the name of the program (just a bunch of letters)... Then right click that program and select end process... this seems to disable the program.... it quit giving me those pop-ups and it allows me to do other stuff that could not be done before... Next I am going to try to run malware and other programs now that it is disabled....to see if they work. I am crossing my fingers.

I think that I have finally gotten rid of the Antivirus Soft malware. I scanned my system with malwarebyte's but had no luck with it. However, I had not updated it like the Admin kept saying. I was able to stop the process by doing a ctrl+alt+delete right after logging into windows which allowed me to activate task manager before the malware loaded and looked for a process ending with sftav as mentioned in a previous post. The process was named "wacqsftav.exe". After ending the process I ran HiJackThis and searched for all occurrences of sftav and fixed them. I rebooted without any issues. I am running an updated malwarebyte's scan now to hopefully remove any leftover pieces. Good luck!

Thank you so much. My son's computer went insane with this virus. I forgot to change the name- actually could not figure out how to. I ran spybot, then malware and all is ok. It was Facebook he was on.

I have Windows XP and can't complete the download process for SpyBot. I even tried putting it on a flash drive and running it from there. It's also not letting me look for the folders everyone is listing above. Is the virus being changed to adapt to these fixes? Do I have to take my computer to a shop now?

Got infected with this from myspace today, downloaded malwarebytes, rebooted to safe mode with networking, installed malwarebytes ran the update and then did a full scan it detected 1 reg key and 2 files. removed them and rebooted to normal mode, all gone

HELP PLEASE!!! Followed this guide, booted into safe mode and updated and performed a full scan, found two problems and fixed them. After this I can't boot into normal mode at all, I mean the windows Vista tune plays, but after that startup window disappears a black window follows and the computer is just waiting, not showing the desktop only the mouse.

What program did you use? Probably it did something wrong and now you can't start your PC in Normal Mode. Sometimes such things happen. Try to repair the system if you have a Vista DVD. Detailed tutorial how to do this:

http://www.bleepingcomputer.com/tutorials/tutorial148.html

Also you may reboot your PC in Safe Mode again and restore the system to an earlier date. NOTE: select restore point which was made before your PC got infected. Good luck!

Ugh. This virus is driving me up the wall. I've done all this, and run Malwarebytes, and it detects everything, and removes it, but when I reboot my computer, the virus is still there. What the heck is going on? Also, Hijack This doesn't find anything with the sysguard or sftav on the end.

I also just ran the SafeBootKey and I still can't get into Safe Mode. :( I mean... I don't need to use IE (I have Firefox) and I'm able to download stuff. But nothing is actually DOING anything. It all says it's doing something, and then doesn't.

I have this problem also. I downloaded the software, did everything in safe mode, it said it was removed, went back into normal mode and it's still here. But in the beginning when saving I can't rename the file, so I renamed it after saving. Could this be a problem? HELP PLEASE.

Ok. I ran Spybot in safe mode. When I ran it in "normal" mode, it shut down and the malware was STILL there. I tried this. Like others said, do ctrl-alt-del to get to task manager BEFORE the malware has a chance to pop up. Delete anything that ends in sftav. I did that, but that little icon was still there in the bottom. I then deleted something with QX in the process. That seems to have done it. I am now re-running Spybot. I will keep you all posted. This is insane, and I'd like to wring the pencil neck of whoever is responsible for this.

I tried to restore to an earlier date through start, programs, system tools and restore. A window appears with "Application cannot be executed. The file rstrui.exe is infected. Do you want to activate your antivirus software now?" What to do? I can't even open winlogo.com and inexplore.exe without the same message.

Did you read the removal instructions? You can't restore your PC when there's an active Antivirus Soft process. That's why you get that error message. You have to end its processes first. Please read the removal instructions carefully. Good luck!

I found the file and renamed it to random letters so now the program doesn't load up. I scanned my computer and everything, and it says it's clean, so does that mean my computer's safe now? Even tho the file's still there, just renamed to something different

Q: "I found the file and renamed it to random letters so now the program doesn't load up. I scanned my computer and everything, and it says it's clean, so does that mean my computer's safe now? Even tho the file's still there, just renamed to something different"

A: It's not safe yet. Download and install SUPERAntispyware. IMPORTANT! Update it before scanning.

YES! this is a fantastically easy method. knew there was something wrong, put in my antivirus disk to install the program, and it wouldn't let me!!! So deleting those files really helped...question: why would you do the whole reboot if you can just dl the program and delete the infected files?

rkill really helped me get a grip of my computer for awhile and install the anti malware programs I needed to solve this problem. I got rid of over 100 infected files but once i rebooted in regular mode the stupid antivirus soft was and is still here on my computer.

malwarebytes won't let me update, neither will any of those other anti malware programs someone else suggested to me and if i go in safe mode i can't go online to look for help

this virus is a real pain and i hope i wont end up having to pay someone to get rid of it.

Couldn't go into the safe mode, and couldn't run the SafeBootKeyRepair thingy cause antivirus-soft (SO fucking annoying) kept blocking it. So I followed the instructions for normal mode (with HijackThis + spybot) and spybot found something called "Fraud.Sysguard" which I'm hoping is the right one >_> Anyways, THANK YOU SO MUCH!!1!

Thank you SO MUCH admin, and everyone else's posts! I deleted one of the execute files as said earlier (if you want to see the post just search on this page 'aaabbb'), which seemed to have stopped the irritating popups. I used Spyware Doctor which detected a few, but after doing so rebooted in 'Safe' mode and used my previously downloaded 'Malwarebytes' to detect and remove the rest. Malwarebytes showed that this virus had in fact added 3 new trojans to the list rather quickly. Shame, although it initially blocked a few, these trojans appeared to have walked right by my Norton 360... (N). Restarted now in Normal mode, things seem to be ok.

@Admin, is there anything else I should do? Should I still run a system restore?? Still not even sure where I received this virus from either..

Hello, and thank you for all the wonderful tips for removing this virus. Mine in particular was especially tricky. I used a combination of every tactic you suggested to finally remove it. From HiJack This, to file-shredding the folder it placed in my Local\Apps folder, to an anti-malware. When I started the computer it loaded perfectly, without the virus. However, somewhere in the process, my file extensions and program recognitions have ceased to work. As in, any icon on the desktop I click, it asks me what program I would like to use to open the file. As of now, I'm accessing all programs from the Program Files(x86) folder. Almost notable is that when selecting the proper file extension, there's a checkmark box which indicates keep this selection permanent, however, it is grayed out and therefore unclickable. I'm not so bad with a computer, so thankfully I'm able to resume my work as normal, but I know something is wrong. I hope you may know what caused this or an easy fix, and thank you for the assistance in removing the virus.

I'm having issue with my laptop and I can't get rid of Antivirus soft off my laptop.. I tried Spybot and Malwarebytes and it didn't do nothing for me. For as hijackthis I don't know what to delete or what I'm looking for. And I tried to reboot my computer and I still have this crap on my computer... It's so frustrating cause I got it from myspace and facebook too. And I don't know what's going on what to do about this issue. Could someone please explain to me what I should do. Cause I'm in safemode but it's only so much you can do..

I already have Malwarebytes Anti-Malware and Spybot Search and Destroy. I did a full scan with anti-malware and deleted all the malware files. However, this malware is still on my computer, which has 3 separate accounts. What do I do next?

I got the antivirus soft and now it won't even let me log into windows.. it keeps saying I need to register my windows... wtf? Won't let me even log in with safe mode. I also tried using my reboot disk and it still will not let me go anywhere...

As soon as your computer starts hit ctrl+alt+delete and get into your processes! If you do it at the earliest possible moment you should be able to beat startup on antivirus soft. You can then find the virus and turn it off, giving you complete freedom to download, install and run whatever to get rid of it.

I tried using MalwareBytes but it did not work. However, SuperAntiSpyware worked just fine!

Thanks a million!

Also, if you want to be able to use your computer for people that can't... you can download an rkill file that basically closes all the programs including antivirus soft so you can open spyware freely and detect the virus. I don't know, it worked for me... you can get the file here...

Antivirus Soft is a damned shit difficult to remove. I couldn't install neither MalwareBytes nor Spybot Search & Destroy, even on safe mode with network, nothing seemed to work. At last I restored WXP to a previous state on safe mode, then reinstalled successfully Spybot Search and Destroy, updated it, performed a full scan and eventually everything was fine again.

I've downloaded SuperAntiSpyware but it says that the system administrator has set policies to prevent this installation. I'm pretty sure that I've done everything. Updated malware did not work and Spybot did not work. Any advice?

I didn't find this site until AFTER I cleaned up my computer manually. I couldn't get to the internet and didn't know what it had done so I just scoured the registry myself. Good thing I was using WinXP because if it had been Vista, I'm just not registry savvy on Vista yet. Anyway, this site tells it exactly and helps you solve it exactly. I THINK I picked it up from WEBSHOTS downloading some desktop backgrounds. Won't go there anymore either! Thanks for posting this, I know it will help many.

I'd like to add to this, that if you bring up task manager as soon as you get into windows (and before antivirus soft loads) then you can kill antivirus soft's exe and that will allow you to download and run other programs. Don't know if it lets IE run because I don't use it. The exe is called sdnusftav.exe

Thank You so much for your help. I had Norton Antivirus 360, which I paid over $60 for. On a full scan with latest update turned up nothing. The free Malware bytes program which you recommended is in the process of running and has already found 4 objects infected. You guys are lifesavers.

My laptop was infected by this annoying virus. It keeps popping out alarms and asking me to pay. TaskManager does not start. Control panel does not let me go to Add/Remove program tab. It does not start with safe mode. Every time the system is booted in normal mode, the dame "antivirus soft" starts up and displays a token like a green check mark in my Windows toolbar. I was very scared.

Here is what I did to successfully remove the virus:

1. I used my XP CD that came from Dell (fortunately I found it!) and boot my laptop from CD.
2. I used "R" to try to recover OS but it did not allow me to boot safe mode either.
3. I had to reinstall Windows XP.
4. After 40 minutes, the XP was installed.
5. I finally was able to boot XP in safe mode with networking.
6. After XP was up, I used start-menu/run and type msconfig.
7. In the msconfig window, found startup tab and carefully go through the startup list. Finally I spotted the criminal. The name was iftkjs (looks like a random name). I unchecked it. Following its location column, I also found the program. It was under "C:\Documents and Settings\\Local Settings\Application Data\iftkjs". I deleted this entire directory.
8. I booted my machine in normal mode. This time the virus did not auto started. I knew that I got it right.
9. In the normal mode, I cleared up the registry as described in this article.

Now my computer works fine. But 4 hours of precious time was spent on this thing. Whoever invented this virus should be put into jail!!

I ran Malwarebytes and it removed all the viruses, but I was in safe mode, and then I logged in normally and the virus wasn't popping up anymore, but I scanned again to be safe and it found two more viruses, which I deleted. I was just wondering if I need to do more or if my computer is safe now.

Seems like the infected pop-up process is single threaded. So, I tried to launch (for example) notepad.exe and then when the "infected" pop-up comes up, I leave the pop-up running in the background -- which ties up the Antivirus Soft process. I then launched task manager, found the [random]sftav.exe process and ended it. I then ran a full-scan with Malwarebytes which found the trojans and removed them. So far so good.... just another method to try....

Hi, I just now got this infection (Feb. 19). I restarted my computer in "Safe Mode with Networking".........then just did a system restore. It worked PERFECTLY!! Nice and quick!! So, for now I'm good, but I just hope this nasty thing stays away!!

I got the Antivirus Soft trojan virus last night. You would be surprised to know how that happened. I am an engineer and I was searching in Google some Acme lead screws that I needed for my design project. The website where I got infected was www.business.com. It seems that this virus is wide spread if one can get it on such place as business.com doing some research work. To get rid of the virus I followed instructions that were provided on the BleepingComputer.com. After the first attempt, I rebooted my computer from safe to normal mode, but the virus was still working its job as before. So, I tried again the same process. The Malwarebytes did not find any infected object this time. I went again back to normal mode with intention to try ctrl-alt-del and to find the malicious files in the task manager and end those processes. However, this was not necessary since the virus did not display any of its fake warnings. I was now able to connect to Internet and to update the Malwarebytes. Right now I am performing the full scan. After more than an hour and about half of all files scanned, the Malwarebytes found 1 infected object, which might be the Antivirus Soft itself that was not detected in the first scan. For now it looks that virus is gone. I will keep you updated. Thank you all for your inputs. All of us together can win this fight against a few bad guys.

HELP! Tapping f8 does nothing for me. I saved safe boot repair to usb from another computer and tried to run it on mine but got blocked. I tried ctrl alt del and managed to get task manager up but found no process with hpiss. I'm running XP. What do I do?????

A+++ What a great thread, thanks so much for the information. This took just about 2 hours to clean at 1AM when I was just getting my gaming on! :( But I was able to fix it. HijackThis took care of it when Spybot failed to do it. Either way I'm glad it's off and I'll be protecting myself better from now on. I believe I picked it up from a site called TVDUCK; I was watching some Archer episodes and all of a sudden this started up.

ok pressed f8 and got a black screen that says please select the operating system to start. Microsoft Windows XP Home Edition is the only selection and is highlighted use up and down arrows ...blurb and then down the bottom to press f8 for troubleshooting and advanced start up options for windows but when I press f8 nothing happens if I press enter nothing happens

Wow, I worked for hours trying to get rid of this problem. Once I found the info here, I had the problem solved in 30 minutes. I picked up the virus 2/20/10 from Facebook (I think). Major pain but this blog helped solve it. Thanks so much for the great info.

My PC was infected on Feb 19. I restart Windows XP in normal mode, open Task manager before AV Soft, stop it when the malware was loading, then Windows seem to work ok. I used Malwarebytes to do a quick scan and remove the malware (takes about 15 minutes). The log shows:

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Anti-Virus Professional (Rogue.AntiVirusProfessional) -> Quarantined and deleted successfully.

I was infected through FB last night, and I've tried many things, MalWare, Norton, the works. The steps I used though were slightly different than the steps here. MalWare fails to update when I go to update it. Any advice? I don't want to resort to a Full System Restore, because I have a ton of stuff to back-up. If I do, are those files safe?

I also used task manager right at boot up with CTRL+ SHIFT + ESC in order to open task manager quick enough to start end unknown tasks starting. Gave me the chance to operate w/out virus running.. Thank goodness I'm running Linux on this comp while I fix the other. SUPERAntispyware seems to work.

I got the virus last weekend, got it deleted. But my computer won't open internet pages. Outlook email is fine and so is AOL instant messenger. Just no connection to web pages. It tells me they can't be displayed. Modem was confirmed fine. Any suggestions?

Followed your instructions to go into safe mode, disable proxy server for LAN, hunted down new .exe files in the spot you recommended, then search & destroy registry for avsoft and 127.0.0.1:5555, it seems to work.

My computer was infected thru myspace about a week ago. At first it was pop ups and fake virus scans but now it won't even boot. Normal or safe mode, neither works. Says the drive isn't recognized. I'm gonna try to download malware on my second computer and transfer it to a flash drive to use on bad computer. Will this work? Also what do you mean by renaming the file? Thanks for any help

I did a system restore and that seemed to fix the Antivirus Soft things, but now I can't use my Verizon USB broadband connection. Does the restore remove those files? (I was able to use the internet connection on the day I restored my computer back to.)

Worked brilliantly! I was so nervous about it not working, but this actually worked. This has saved me a lot of time and trouble over reformatting my computer. I won't be able to describe how happy I am to have saved my piece of junk computer! THANK YOU THANK YOU THANK YOU!

Coincidentally I already had spybot downloaded when I was infected (stupid me fell for the titles of flashupdates when antivirus forced itself in), but popping into safe mode and following these instructions didn't create any problems at all. Thanks again!

I got infected last night with Antivirus Soft. I disable all on start up on msconfig, I removed files using HiJackThis. Cannot connect to the internet so I can't update Malwarebytes or any other programme, so I cannot remove the virus. I have tried disabling proxy server but this does not work, can anyone help?

I got Antivirus Soft. I CAN restart in safe mode with networking but canNOT connect to internet with internet explorer. So I am stuck at that point in the removal instructions. Also, I don't use myspace or facebook, so don't know how I got this.

My wife's Vista64 computer got hit with this Antivirus Soft via an infected PDF. Wouldn't let me into safe mode with networking either. Had to run 'sfc /scannow' as administrator in a command prompt window to get safe mode going again. Then networking was somehow disabled. Had to download MalwareBytes on another computer, updated it, then copied the install file and the latest rules.ref file from c:\ProgramData\Malwarebytes onto a USB memory stick. Renamed the install file to iexplore.exe, ran it to install MalwareBytes pgm. Replaced the rules.ref file with the updated file from the other computer. Ran MalwareBytes program and found four entries related to Antivirus Soft. Removed them, then computer seemed to work OK again.

For those that have a hard time connecting to the internet in safe mode, even after you disable the proxy server, I had the same trouble and had to continually disable the proxy server. I opened two Internet Explorer windows and in one left the tools dialogue box open. I would wait for the error screen to pop up and then quickly disable proxy server and click on the website that I needed. I was like a madwoman trying to beat that software, but after about 10 times I got the timing down and was able to download the files I needed.

Now my internet explorer doesn't work but I was able to download Opera just don't feel like trying to figure out the Internet Explorer yet.

I got this on Saturday 2/27/10 from I believe YouTube. I was not on Facebook or MySpace.

Anyways here is how I removed it: (I am on Windows XP)

I did the control-alt-delete move right at start up in normal mode (I could not open up in Safe Mode). The {blahblah}sftav.exe files were in the processes (there were 2 little buggers!). I ended those processes.

Then I went to Start>Search>For Files or Folders>all files. I typed in sftav, and changed search place to My Computer. It found a package (a downloaded executable) with some weird name in my Documents and Settings folder. I deleted it. Then I emptied the recycle bin.

DONE!

Now I am going to download Malwarebytes to clean up any virus scraps laying around.

I got this stupid virus yesterday. I use Vista and have Symantec for virus protection. When I restarted my computer it asked me if I wanted to allow AV to start I said no and everything was ok except I could not connect to the internet. When I allowed it to start everything was "infected" and I couldn't connect to anything. I went to the folder that had the AV and deleted it and when I restarted I did not get a prompt to let AV run and everything works fine, except I cannot connect to the internet with internet explorer. I have other programs such as skype that use the internet and they work so I am connected but internet explorer will not go to any websites, it talks about a proxy issue. Please help

@March 1, 2010: Avsoft also changes your Internet Explorer settings to force you to use a proxy. To fix this, open Internet Explorer and go to Tools -> Internet Options -> Connections -> LAN Settings and UNcheck the box for "Use a proxy server" and the one below it for "Bypass proxy...". Then you should be good to go.

Ok--just read through these posts and getting ready to try and restore system to a few days ago. I got up today to this on my computer--this is one powerful virus and of note the first I've ever had! The only sites I was on were automotive repair--trying to figure out how to fix my bleeping car! I think it might have occurred when opening a repair video and it said my flash player needed an update, but not certain. Hoping this will be an easier fix than car--I am neither mechanically or technologically inclined. Thanks all in advance.

This is a darn shame. Shame. Shame. Look how many of us have gotten this junk. How many of us are paying for "protection" and STILL got it. Tell everyone you know so people will stop buying it from the hateful creators. Unplug the computer when you see this pop up, you don't have time to do much else. Unplug, and restart in safe mode and get busy... Thanks for this site!

Thank you a million times and more! I don't know how I got the virus but it happened about 2 hours ago tonight and I was in shambles not knowing what to do. I found your site and followed all your instructions exactly. I was not able to download spybot in safe mode so I threw caution to the wind and restored my settings to a few days prior to this event. So far everything works and looks good, but I will be taking my netbook in to get a better virus protector software installed just in case. My question is, by restoring to my default settings does this truly fix my PC by forever getting rid of the virus and am I safe to go to secure sites where I have to submit credit card numbers and personal data etc.? Thank you again, it's good to know there are good people willing to help.

Ok I spent 20 hrs playing with this because I just didn't want to give up and do a restore. I'm just stubborn I guess. I got mine while downloading a PDF owners manual for a cell phone. I had all the problems except I have several puter's on a network together so I could work it out. I have used avira but it was disabled to the point that I had to reinstall it. I used spybot and another pay-to-clean, but once I had the name I didn't need to pay. I did a search and deleted it. I still only removed 4 or 5 files that way. My power software is advanced system optimizer. In safe mode it took about 20 hrs and found 42 files that the others never saw. But then I still had the nag files. So I did a generic search for "*sftav" and came up with two similar files to those that others have mentioned, that were a "fetch" and an exe that kept pumping out the nags. I got Paladin a week ago and it is similar and it did place porn links on my desktop but this didn't. Since the file names and locations seem to change they must be morphing it every day or so. Point taken that we need all the power we can get. To heck with a slower load each start up or download. The freeware did some of the job but my optimizer did most of it. It deep cleans and then I used its registry cleaner to take care of that. I only had to go in and manually remove "AVsoft" or whatever it was called from the registry. I'm grateful to all who helped and I feel great that some of us beat this thing. If no one has mentioned it I'd suggest we shred our trash files. Also it does look like Malware now charges.

My son got it off myspace, he clicked on a friend's profile and then our puter was hit immediately. Spread the word to everyone to go and put antimalware on their puters before such thing can happen. Downloads are free at download.com

What worked fast for me: With Vista 64 Home Premium (SP1), I rebooted normally and immediately to get Task Manager.

Interestingly, without doing anything else (only Task Manager on screen), the AntivirusSoft didn't start sending out alerts, so I couldn't tell which process/files to delete, but I was able to open FireFox 3.5.8 (IE wouldn't connect) to download/install MalwareByte (SpyBots wouldn't install). I got an error upon installing Malware, but it continued and installed successfully anyway. I did the quick scan and it found the offending program and deleted it.

Everything seemed back to normal, but I had some continuing problems with IE getting access to web pages, but was able to "reconnect" using IE's Tools/Options/Connections menu.

I've rebooted several times and it seems to be all gone.

Thank you for all your posts and good luck deleting this truly evil virus.
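Several commenters above report the same leftovers: `avsoft` registry keys, an Internet Explorer proxy pointed at 127.0.0.1:5555, and a startup executable whose name ends in `sftav.exe`. The following is an added example, not code from this blog or its commenters, that checks a registry export and a process list for exactly those reported traces. The function names, the `xxxx` file name, the `user` profile and the sample export are constructed, and the input is assumed to be `.reg` text already decoded to a Python string.

```python
import re

# Indicators reported in the comments above (nothing else is assumed).
AVSOFT_KEYS = {r"hkey_local_machine\software\avsoft",
               r"hkey_current_user\software\avsoft"}
PROXY_INDICATOR = "127.0.0.1:5555"
EXE_RE = re.compile(r"sftav\.exe(?![\w.])", re.IGNORECASE)
INET_SETTINGS = r"software\microsoft\windows\currentversion\internet settings"
RUN_KEY = r"software\microsoft\windows\currentversion\run"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_export(text):
    """Parse .reg text into {key_path: {value_name_lowercased: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            # "[-KEY]" is a deletion directive, not an existing key.
            current = None if path.startswith("-") else keys.setdefault(path, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name, data = _unescape(m.group(1)).lower(), m.group(2)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            current[name] = _unescape(data[1:-1])
        elif data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)
        else:
            current[name] = data  # other value types are kept as raw text
    return keys

def triage(reg_text, process_names):
    """Return (kind, detail) findings for the traces named in the comments."""
    findings = []
    for path, values in parse_reg_export(reg_text).items():
        low = path.lower()
        if low in AVSOFT_KEYS:
            findings.append(("avsoft-key", path))
        if low.endswith(INET_SETTINGS):
            server = str(values.get("proxyserver", ""))
            if values.get("proxyenable") == 1 and PROXY_INDICATOR in server:
                findings.append(("proxy-hijack", server))
        if low.endswith(RUN_KEY):
            for name, data in values.items():
                if EXE_RE.search(str(data)):
                    findings.append(("run-entry", f"{name} -> {data}"))
    findings += [("process", p) for p in process_names if EXE_RE.search(p)]
    return findings

# Constructed sample export and process list, for illustration only.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\avsoft]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"xxxx"="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\xxxx\\xxxxsftav.exe\""
'''
SAMPLE_PROCS = ["explorer.exe", "xxxxsftav.exe", "svchost.exe"]

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_REG, SAMPLE_PROCS):
        print(f"{kind}: {detail}")
```

An empty result only means these particular traces are absent; it is not a replacement for the full scan described in the removal guide.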

About Me

Hi there, and welcome to my humble web presence. I'm Michael Kaur. Malware squasher, geek, and blogger based in Los Angeles, CA. If you'd like to contact me, the easiest way is through email given below or Google+. Simply add me to your Google Plus circles.

Disclaimer

This is a self-help guide. Use at your own risk. Deletemalware.blogspot.com can not be held responsible for problems that may occur by using this information.

About the blog

This blog provides reliable information about the latest computer security threats including spyware, adware, browser hijackers, Trojans and other malicious software. We do NOT host or promote any malware (malicious software). We just want to draw your attention to the latest viruses, infections and other malware-related issues. The mission of this blog is to inform people about already existing and newly discovered security threats and to provide assistance in resolving computer problems caused by malware.